CVE-2025-14277

4.3 MEDIUM

📋 TL;DR

The Prime Slider plugin for WordPress has a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated users with subscriber-level access or higher to make arbitrary web requests from the vulnerable server. This could enable attackers to query internal services, potentially exposing sensitive information or interacting with internal systems. All WordPress sites using Prime Slider versions up to 4.0.9 are affected.

💻 Affected Systems

Products:
  • Prime Slider – Addons for Elementor (WordPress plugin)
Versions: All versions up to and including 4.0.9
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with at least subscriber-level access. Both free (lite) and premium versions are affected.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, retrieve sensitive data from internal APIs, interact with cloud metadata services, or pivot to attack other internal systems.

🟠 Likely Case

Information disclosure from internal services, reconnaissance of internal network, or limited data exfiltration from accessible internal endpoints.

🟢 If Mitigated

Limited impact if internal services are properly segmented and authenticated, with network controls preventing arbitrary outbound requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated. The vulnerability is in the import_elementor_template AJAX action.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.0 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3419222/bdthemes-prime-slider-lite

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Plugins → Installed Plugins.
  3. Find 'Prime Slider – Addons for Elementor'.
  4. Click 'Update Now' if available, or download version 4.1.0+ from the WordPress repository.
  5. Activate the updated plugin.

🔧 Temporary Workarounds

Disable vulnerable AJAX endpoint (applies to: all)

Remove or restrict access to the vulnerable import_elementor_template AJAX action.

Add to the theme's functions.php or a custom plugin: remove_action('wp_ajax_import_elementor_template', 'your_callback_function');

Restrict user registration (applies to: all)

Temporarily disable new user registration to prevent attacker account creation.

In WordPress Settings → General, uncheck 'Anyone can register'.

🧯 If You Can't Patch

  • Implement network segmentation to restrict outbound requests from web servers
  • Add WAF rules to block requests to internal IP ranges and localhost

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for Prime Slider version. If version is 4.0.9 or lower, you are vulnerable.

Check Version:

wp plugin list --name=bdthemes-prime-slider-lite --field=version

(The --name filter matches the plugin slug, not the display name. bdthemes-prime-slider-lite is the slug of the free version, as seen in the vendor advisory URL; the premium version uses a different slug.)

Verify Fix Applied:

Verify Prime Slider version is 4.1.0 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-admin/admin-ajax.php with action=import_elementor_template
  • Outbound requests from web server to internal IP ranges or localhost

Network Indicators:

  • Web server making unexpected outbound HTTP requests, especially to internal IPs or metadata services

SIEM Query:

source="web_server_logs" AND uri="/wp-admin/admin-ajax.php" AND post_data CONTAINS "import_elementor_template"
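To run the log indicators above offline, here is an added Python example (not part of the original advisory) that flags POSTs to admin-ajax.php whose parsed action is import_elementor_template, and outbound connections from the web server to private, loopback or link-local destinations (the last range covers the cloud metadata endpoint 169.254.169.254). The access-log lines and the egress-log format are constructed for the example; adapt EGRESS_RE to your firewall's format.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample data (not real traffic): a combined-format web access log and an egress log.
ACCESS_LOG = """\
203.0.113.5 - - [01/Jan/2025:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=import_elementor_template HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2025:10:00:02 +0000] "GET /wp-content/uploads/x.png HTTP/1.1" 200 2048
198.51.100.9 - - [01/Jan/2025:10:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64
"""
EGRESS_LOG = """\
2025-01-01T10:00:01Z src=10.0.0.12 dst=169.254.169.254 dport=80 proto=tcp
2025-01-01T10:00:05Z src=10.0.0.12 dst=93.184.216.34 dport=443 proto=tcp
2025-01-01T10:00:06Z src=10.0.0.12 dst=127.0.0.1 dport=8080 proto=tcp
"""

ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d+)')
EGRESS_RE = re.compile(r'^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)')

SUSPECT_ACTION = "import_elementor_template"
# RFC 1918, loopback and link-local (169.254.0.0/16 includes the cloud metadata service).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def find_suspect_ajax(log_text):
    """Return (client_ip, timestamp) for POSTs invoking the vulnerable AJAX action."""
    hits = []
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["uri"])
        if url.path != "/wp-admin/admin-ajax.php":
            continue
        # Compare the parsed action value, not a substring, to avoid false hits.
        if SUSPECT_ACTION in parse_qs(url.query).get("action", []):
            hits.append((m["ip"], m["ts"]))
    return hits


def find_internal_egress(log_text):
    """Return (timestamp, dst, dport) for web-server connections into internal ranges."""
    hits = []
    for line in log_text.splitlines():
        m = EGRESS_RE.match(line)
        if not m:
            continue
        dst = ipaddress.ip_address(m["dst"])
        if any(dst in net for net in INTERNAL_NETS):
            hits.append((m["ts"], str(dst), int(m["dport"])))
    return hits
```

An access log only sees the action when it travels in the query string; when it is sent solely in the POST body, this check needs a source that records request bodies (WAF or application log), which is what the post_data field in the SIEM query above assumes.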
